Service interruptions from distributed-denial-of-service (DDoS) attacks rose 162% in 2016—mainly thanks to the activities of the Mirai internet of things (IoT) botnet.

According to a report from SurfWatch Labs, one of the main reasons for the spike is the attack on Brian Krebs’ site in the fall, as well as a series of attacks on hosting and domain name providers, including Dyn.

Cybercrime incidents via the supply chain also spiked sharply this year. Threat data collected and evaluated by SurfWatch Labs shows that the percentage of cybercrime linked to third parties nearly doubled over the past year—and that only includes publicly disclosed breaches. These activities include vendors directly exposing customer and employee data, malicious actors using third parties as an avenue into other organizations’ networks, and vulnerabilities in third-party products and source code being exploited.

Supply chain cyber-attacks highest in healthcare: More targets tied to third-party cybercrime (vendors, partners, suppliers) were found in the healthcare facilities and services industry than any other.

“The large-scale attacks we’ve seen this year highlight the ability of cybercriminals to continuously shift their tactics to weak links in the security chain,” said Adam Meyer, chief security strategist, SurfWatch Labs. “Organizations’ cyber risks have increased due to the growing number of vulnerable devices, easy-to-guess and/or reused user credentials and supply chain cybersecurity weaknesses. The interconnectivity of data, devices and vendors creates numerous avenues of attack for cybercriminals.”

SurfWatch Labs also collected cyber-event activity from thousands of open and Dark Web sources and categorized, normalized and measured the data for impact based on the CyberFact information model. The data also uncovered a surge of compromised credentials, including two of the largest breaches to-date at Yahoo and Adult Friend Finder. SurfWatch Labs found more than 1,100 organizations associated with the “credentials stolen/leaked” tag across both public and Dark Web sources over the past year, up from 828 in 2015.

“It’s clear that as organizations get better at closing the front doors to attacks, cybercriminals shift their tactics to find other ways in,” said Meyer. “By using evaluated threat intelligence, we can understand what the bad guys are doing, and make better informed forecasts of how cybercrime will impact organizations, their supply chain and their industry—and ultimately determine the most effective methods for reducing cyber-risk now and in the future.”